[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
cfengine removes "too much" file-permissions (patch included)
From: |
Martin Jost |
Subject: |
cfengine removes "too much" file-permissions (patch included) |
Date: |
Thu, 07 Mar 2002 12:54:07 +0100 |
Hello,
this is based on cfengine2.0.b4.
cfengine sometime removes permissions on files, which it shouldn't:
Example:
Before:
-rwxrwxrwx 1 jost users 0 6. März 18:34 dummy
Example1: (in cfagent.conf)
/home/jost/cfengine/dummy mode=ug=rx owner=jost group=users
action=fixplain
After: (ok)
-r-xr-x--- 1 jost users 0 6. März 18:34 dummy
Example2:
- cfagent.conf
/home/jost/cfengine/dummy mode=ug=r,o=x owner=jost
group=users action=fixplain
cfagent -v
...
Checking file(s) in /home/jost/cfengine/dummy
cfengine:lasagne: /home/jost/cfengine/dummy had permission 777,
changed it to 0
After: (Oops !)
---------- 1 jost users 0 6. März 18:34 dummy
My cvs log entry:
Symbolic Mode with more than one '=' got wrong results
("u=rwx,og=rx" would wipe out all permission-bits, see below)
SetMask() now takes an additional argument 'affected' carrying a
bit-mask
of the affected bits.
This is needed to get the '='-case right. Only the _not_ affected bits
may be added to 'minus' (*m).
Without this wrong bits are cleared.
E.g. 'mode=u=rwx,go=rw' will wipe out all (!) bits.
("----------")
[u=rwx would give (only looking at the lower 9 bits)
'value=700' thus ~value=077;
go=rw would give 'value=055' thus ~value=722;
Both '~value's ored together would yield '777' for minus -> all bits
dead]
I sent in a patch concerning this previous; it seems, that part of my
patch has made it in 2.0b4.
(setting of "affected" for the symbolic modes) But is incomplete and
thus doesn't work
In addition:
"affected" set for numerical chmods too
SetMask() takes an additional argument 'affected' carrying a bit-mask
of the affected bits.
(Same change in prototypes.h)
The patch is attached to this message.
(Apply in cfengine...-Dir with 'patch -p1 < mode_patch')
Martin
Index: cfengine/src/modes.c
diff -c cfengine/src/modes.c:1.1.1.3 cfengine/src/modes.c:1.1.1.3.2.1
*** cfengine/src/modes.c:1.1.1.3 Wed Mar 6 12:37:22 2002
--- cfengine/src/modes.c Wed Mar 6 19:10:55 2002
***************
*** 110,116 ****
--- 110,125 ----
case '5':
case '6':
case '7': state = which;
+ affected = 07777; /* TODO: Hard-coded; see below */
sscanf(sp,"%o",&value);
+ if (value > 07777) /* TODO: Hardcoded !
+ Is this correct for all sorts of Unix ?
+ What about NT ?
+ Any (POSIX)-constants ??
+ */
+ {
+ yyerror("Mode-Value too big !\n");
+ }
while (isdigit((int)*sp) && (*sp != '\0'))
{
sp++;
***************
*** 119,125 ****
break;
case ',':
! SetMask(action,value,plusmask,minusmask);
action = '=';
affected = 0;
value = 0;
--- 128,134 ----
break;
case ',':
! SetMask(action,value,affected,plusmask,minusmask);
action = '=';
affected = 0;
value = 0;
***************
*** 136,142 ****
}
}
! SetMask(action,value,plusmask,minusmask);
Debug1("[PLUS=%o][MINUS=%o]\n",*plusmask,*minusmask);
return;
--- 145,151 ----
}
}
! SetMask(action,value,affected,plusmask,minusmask);
Debug1("[PLUS=%o][MINUS=%o]\n",*plusmask,*minusmask);
return;
***************
*** 166,179 ****
/*********************************************************/
! void SetMask(action,value,p,m)
char action;
! int value;
mode_t *p,*m;
{
! Debug1("SetMask(%c%o)\n",action,value);
switch(action)
{
--- 175,188 ----
/*********************************************************/
! void SetMask(action,value,affected,p,m)
char action;
! int value, affected;
mode_t *p,*m;
{
! Debug1("SetMask(%c%o,%o)\n",action,value,affected);
switch(action)
{
***************
*** 187,193 ****
return;
case '=':
*p |= value;
! *m |= (~value) & 07777;
return;
default:
sprintf(VBUFF,"Mode directive %c is unknown",action);
--- 196,202 ----
return;
case '=':
*p |= value;
! *m |= ((~value) & 07777 & affected);
return;
default:
sprintf(VBUFF,"Mode directive %c is unknown",action);
Index: cfengine/src/prototypes.h
diff -c cfengine/src/prototypes.h:1.1.1.3 cfengine/src/prototypes.h:1.1.1.3.2.1
*** cfengine/src/prototypes.h:1.1.1.3 Wed Mar 6 12:37:23 2002
--- cfengine/src/prototypes.h Wed Mar 6 19:11:53 2002
***************
*** 602,608 ****
void ParseModeString ARGLIST((char *modestring, mode_t *plusmask, mode_t
*minusmask));
void CheckModeState ARGLIST((enum modestate stateA, int stateB, char ch));
! void SetMask ARGLIST((char action, int value, mode_t *p, mode_t *m));
/* mount.c */
--- 602,608 ----
void ParseModeString ARGLIST((char *modestring, mode_t *plusmask, mode_t
*minusmask));
void CheckModeState ARGLIST((enum modestate stateA, int stateB, char ch));
! void SetMask ARGLIST((char action, int value, int affected, mode_t *p, mode_t
*m));
/* mount.c */
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- cfengine removes "too much" file-permissions (patch included),
Martin Jost <=